Linux Docker: specifying the network bridge and the bridge IP in detail

Source: Internet
Author: User

$ docker network ls
NETWORK ID          NAME                DRIVER
7fca4eb8c647        bridge              bridge
9f904ee27bf5        none                null
cf03ee007fb4        host                host


bridge

The default bridge network. We can use the docker network inspect command to view its network information. The docker run command automatically attaches a new container to this network.

host

In host mode, the started container does not get a separate network namespace but uses the host's. The container has no network card or IP of its own, but apart from the network it remains isolated from the host.

container

In this mode, the newly created container shares a network namespace with an existing container that you specify, not with the host. It does not have its own NIC and IP but shares those of the specified container; apart from the network, the two containers remain isolated from each other.

none

The container has its own network namespace, but Docker does not configure any networking for it. A container in none mode has no network card, IP, routes, etc.; we have to configure them manually.

Most of the information in this chapter references the official website: https://docker.github.io/engine/userguide/networking/#/the-default-bridge-network-in-detail
You can also refer to the examples in this chapter, most of which also come from the Internet, as follows:

1. Specifying the network bridge
1.1 Creating a network bridge

[root@linuxea ~]# docker network create linuxea.com
af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010
[root@linuxea ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
3ebf99e55db8        bridge              bridge              local
7eb855581296        host                host                local
af4526e38777        linuxea.com         bridge              local
58d75a1a38bc        none                null                local
[root@linuxea ~]#

View linuxea.com

[root@linuxea ~]# docker network inspect linuxea.com
[
    {
        "Name": "linuxea.com",
        "Id": "af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
[root@linuxea ~]#


Pull the image

[root@linuxea ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
6a5a5368e0c2: Pull complete
4aceccff346f: Pull complete
c8967f302193: Pull complete
Digest: sha256:1ebfe348d131e9657872de9881fe736612b2e8e1630e0508c354acb0350a4566
Status: Downloaded newer image for nginx:latest

1.2 Specifying the network bridge

[root@linuxea ~]# docker run --network=linuxea.com -itd --name=mynginx nginx
b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248
[root@linuxea ~]# docker network inspect linuxea.com
[
    {
        "Name": "linuxea.com",
        "Id": "af4526e387772f33b053ff2ab47e601ddf9618bc2d444770775723d76d3a1010",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {
            "b0ec2c7951fa5343d20218811005b16304f9ec5cb3107d06abbf60d5a94df248": {
                "Name": "mynginx",
                "EndpointId": "adaec00497b42ada6f6b251bff18a26623cfe96890a47df8b5da3c3d75582482",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[root@linuxea ~]#


2. Specifying the bridge IP address

2.1 Specifying an IP within the docker0 network segment

We manually specify --net=none, and we can see that there is no NIC in the container:

[root@linuxea ~]# docker run --net=none --name mynginx -d -p 80:80 nginx
09b9819234338e47a8df7d3eba8daf23bf919b9fa2ea114d60742c3318dc2d69
[root@linuxea ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
09b981923433        nginx               "nginx -g 'daemon off"   7 seconds ago       Up 5 seconds                            mynginx
[root@linuxea ~]# /root/in.sh mynginx
root@09b981923433:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
root@09b981923433:/#

View the docker0 address, which is in the 172.17.0.0 network segment:

[root@linuxea ~]# ip addr show docker0
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:af:55:9a:54 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:afff:fe55:9a54/64 scope link
       valid_lft forever preferred_lft forever
2.2 Getting the PID

Create the network namespace link file, then create the veth pair (a point-to-point pair of NICs), bind veth_db84e747c3 to docker0, and bring it up.

[root@linuxea ~]# docker inspect -f '{{.State.Pid}}' mynginx
28383
[root@linuxea ~]# mkdir -p /var/run/netns
[root@linuxea ~]# ln -s /proc/28383/ns/net /var/run/netns/28383
[root@linuxea ~]# ip link add veth_db84e747c3 type veth peer name x

2.3 Installing the brctl tools

yum install bridge-utils

[root@linuxea ~]# brctl addif docker0 veth_db84e747c3
[root@linuxea ~]# ip link set veth_db84e747c3 up
[root@linuxea ~]# ip link set x netns 28383

The mynginx container now has a network card:

[root@linuxea mysql]# /root/in.sh mynginx
root@e224723da286:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
47: x@if48: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
root@e224723da286:/#
2.4 Configuring an IP for the new NIC

[root@linuxea ~]# ip netns exec 28383 ip link set dev x name eth0
[root@linuxea ~]# ip netns exec 28383 ip link set eth0 up
[root@linuxea ~]# ip netns exec 28383 ip addr add 172.17.0.100/24 dev eth0
[root@linuxea ~]# ip netns exec 28383 ip route add default via 172.17.0.1

Back in mynginx, check that the fixed IP has been set:

root@e224723da286:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
47: eth0@if48: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 2a:bf:7a:75:58:5f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.100/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::28bf:7aff:fe75:585f/64 scope link
       valid_lft forever preferred_lft forever
root@e224723da286:/# ping -w 3 www.baidu.com
PING www.a.shifen.com (103.235.46.39): data bytes
bytes from 103.235.46.39: icmp_seq=0 ttl=46 time=197.858 ms
bytes from 103.235.46.39: icmp_seq=1 ttl=46 time=209.700 ms
bytes from 103.235.46.39: icmp_seq=2 ttl=46 time=196.508 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max/stddev = 196.508/201.355/209.700/5.926 ms
root@e224723da286:/#


2.5 The script for adding an IP is as follows

[root@linuxea ~]# cat /root/ip.sh

#!/bin/bash
# filename: bind_addr.sh
# Attach a veth pair to docker0 and give a --net=none container a fixed IP.

# Creating links and entering namespaces requires root
if [ "$(id -u)" -ne 0 ]; then
    echo 'must use root permission'
    exit 1
fi

if [ $# != 2 ]; then
    echo "Usage: $0 container_name ip"
    exit 1
fi

container_name=$1
bind_ip=$2

container_id=$(docker inspect -f '{{.Id}}' "$container_name" 2>/dev/null)
if [ -z "$container_id" ]; then
    echo "Container does not exist"
    exit 2
fi
# Accept only a well-formed dotted-quad IPv4 address
bind_ip=$(echo "$bind_ip" | grep -E '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$')
if [ -z "$bind_ip" ]; then
    echo "Incorrect IP address format"
    exit 3
fi

# The netmask and gateway are taken from docker0's own address
container_minid=$(echo "$container_id" | cut -c 1-10)
container_netmask=$(ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f2)
container_gw=$(ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d / -f1)

bridge_name="veth_$container_minid"
container_ip=$bind_ip/$container_netmask
pid=$(docker inspect -f '{{.State.Pid}}' "$container_name" 2>/dev/null)
# A stopped container reports PID 0, which has no network namespace to enter
if [ -z "$pid" ] || [ "$pid" = "0" ]; then
    echo "Get container $container_name ID failed"
    exit 4
fi

if [ ! -d /var/run/netns ]; then
    mkdir -p /var/run/netns
fi

# Expose the container's network namespace to "ip netns"
ln -sf "/proc/$pid/ns/net" "/var/run/netns/$pid"

# Host end goes on docker0; peer X moves into the container and becomes eth0
ip link add "$bridge_name" type veth peer name X
brctl addif docker0 "$bridge_name"
ip link set "$bridge_name" up
ip link set X netns "$pid"
ip netns exec "$pid" ip link set dev X name eth0
ip netns exec "$pid" ip link set eth0 up
ip netns exec "$pid" ip addr add "$container_ip" dev eth0
ip netns exec "$pid" ip route add default via "$container_gw"
Thanks to http://yaxin-cn.github.io/
For Docker networking, you can refer to: https://opskumu.gitbooks.io/docker/content/chapter6.html
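
The script in 2.5 checks only that the requested address is a well-formed IPv4 address. The following added example (not part of the original script or of the project it credits) also checks that the address lies inside the bridge's subnet and is not the network, broadcast or bridge address, before any veth pair is created. The function names ip_to_int and check_bind_ip are hypothetical; the sample addresses are the ones used on this page.

```bash
#!/bin/bash
# Added example, not from the original article.
# ip_to_int and check_bind_ip are hypothetical helper names.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    local IFS=. n=0 o
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $1                       # split on dots (input is digits and dots only)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
}

# check_bind_ip IP BRIDGE_CIDR
# BRIDGE_CIDR is the bridge's own address as shown by "ip addr show docker0",
# e.g. 172.17.0.1/16. Prints "ok" or the reason the address is rejected.
check_bind_ip() {
    local ip gw prefix ipn gwn mask net bcast
    ip=$1; gw=${2%/*}; prefix=${2#*/}
    ipn=$(ip_to_int "$ip") || { echo bad-format; return 1; }
    gwn=$(ip_to_int "$gw") || { echo bad-bridge; return 1; }
    case $prefix in ''|*[!0-9]*) echo bad-bridge; return 1 ;; esac
    # /31 and /32 are excluded: they have no separate network/broadcast address
    { [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ]; } || { echo bad-bridge; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( gwn & mask ))
    bcast=$(( net | (mask ^ 0xFFFFFFFF) ))
    [ $(( ipn & mask )) -eq "$net" ] || { echo outside-subnet; return 1; }
    if [ "$ipn" -eq "$net" ] || [ "$ipn" -eq "$bcast" ]; then
        echo network-or-broadcast; return 1
    fi
    [ "$ipn" -ne "$gwn" ] || { echo is-gateway; return 1; }
    echo ok
}

# Sample run against docker0's address from this page (172.17.0.1/16).
for ip in 172.17.0.100 172.17.0.1 192.168.100.100 172.17.0.256; do
    printf '%-16s %s\n' "$ip" "$(check_bind_ip "$ip" 172.17.0.1/16)"
done
```

In bind_addr.sh the check would go right after the format test, called with the first "inet" field of ip addr show docker0 as the second argument.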

3. Specifying the network bridge and a fixed IP on that bridge

3.1 Preparation

Stop Docker, delete docker0, and create a new network bridge linuxea0:

[root@linuxea ~]# service docker stop
Redirecting to /bin/systemctl stop docker.service
[root@linuxea ~]# ip link set dev docker0 down
[root@linuxea ~]# brctl delbr docker0
[root@linuxea ~]# brctl addbr linuxea0

The IP range is 192.168.100.0/24:

[root@linuxea ~]# ip addr add 192.168.100.1/24 dev linuxea0
[root@linuxea ~]# ip link set dev linuxea0 up
[root@linuxea ~]# ip addr show linuxea0
63: linuxea0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 1e:28:a7:71:19:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 scope global linuxea0
       valid_lft forever preferred_lft forever
[root@linuxea ~]#
3.2 Downloading pipework

[root@linuxea docker]# git clone https://github.com/jpetazzo/pipework.git
Cloning into 'pipework'...
remote: Counting objects: 475, done.
remote: Total 475 (delta 0), reused 0 (delta 0), pack-reused 475
Receiving objects: 100% (475/475), 158.46 KiB | 98.00 KiB/s, done.
Resolving deltas: 100% (250/250), done.
[root@linuxea docker]# cp -rp pipework/pipework /usr/local/bin/
[root@linuxea docker]# pipework
Syntax:
pipework pipework pipework route <guest> <route_command>
pipework --wait [-i containerinterface]
[root@linuxea docker]#

View the bridges:

[root@linuxea docker]# brctl show
bridge name         bridge id               STP enabled     interfaces
br-24418946eb12     8000.0242668f42e0       no
linuxea0            8000.000000000000       no

The configuration is written as follows:

[root@linuxea docker]# cat /etc/sysconfig/docker | grep 'OPTIONS='
OPTIONS='
OPTIONS=--selinux-enabled -b=linuxea0 -H fd://

After docker0 is removed, the default bridge is set to linuxea0, and the container is created with --net=none.

3.3 Running a service

[root@linuxea docker]# docker run --rm -ti --net=none nginx /bin/bash
root@b6d29d0accf0:/#

Use pipework to assign an IP on linuxea0 to the running service:

[root@linuxea ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
b6d29d0accf0        nginx               "/bin/bash"         seconds ago         Up seconds                              condescending_minsky
[root@linuxea ~]# pipework linuxea0 -i eth0 b6d29d0accf0

Then check again inside the container:

root@b6d29d0accf0:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
65: eth0@if66: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 72:78:ef:7b:f2:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::7078:efff:fe7b:f29b/64 scope link
       valid_lft forever preferred_lft forever
root@b6d29d0accf0:/#


# If the NIC device name is not specified, the interface is added as eth1 by default.
# In addition, pipework cannot add static routes. If you need them, you can add them manually inside a container created with --privileged=true,
# but that is a security weakness; the routes can instead be managed via ip netns.

Using ip netns to add static routes avoids creating containers with the --privileged=true option and the unnecessary security issues that option brings.

[root@linuxea ~]# docker inspect --format='{{.State.Pid}}' 9f28a3f40737
15142
[root@linuxea ~]# ln -s /proc/15142/ns/net /var/run/netns/15142
[root@linuxea ~]# ip netns exec 15142 ip route add 192.168.100.0/24 dev eth0 via 192.168.100.1
[root@linuxea ~]# ip netns exec 15142 ip route
default via 192.168.100.1 dev eth0
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.100
[root@linuxea ~]#
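
To find containers on a host that were started with --privileged, or that share a network namespace as in the host and container modes described at the top of this page, the following added example (not from the original article) parses the output of a docker inspect format template. The function names, container names and sample lines are constructed; NET_ADMIN is flagged because it is the capability that permits route changes from inside a container.

```bash
#!/bin/bash
# Added example, not from the original article: flag containers whose
# settings weaken network isolation.
# Input: one line per container, "NAME PRIVILEGED NETWORK_MODE [CAP_ADD ...]",
# as produced on a real host by:
#   docker ps -q | xargs docker inspect -f \
#     '{{.Name}} {{.HostConfig.Privileged}} {{.HostConfig.NetworkMode}} {{.HostConfig.CapAdd}}'
audit_containers() {
    awk '{
        name = $1; sub(/^\//, "", name)            # docker prints names as /name
        caps = substr($0, index($0, "[") + 1)      # text inside the [ ... ] list
        sub(/\].*/, "", caps)
        if ($2 == "true")       print name " privileged"
        if ($3 == "host")       print name " host-netns"
        if ($3 ~ /^container:/) print name " shared-netns " substr($3, 11)
        if (caps ~ /(^| )(CAP_)?(NET_ADMIN|SYS_ADMIN|ALL)( |$)/) print name " cap-add " caps
    }'
}

# Constructed sample lines in the format above (hypothetical containers).
sample_inspect_lines() {
    cat <<'EOF'
/mynginx false none []
/router true linuxea.com []
/monitor false host []
/sidecar false container:b6d29d0accf0 [NET_ADMIN]
EOF
}

sample_inspect_lines | audit_containers
```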
So far, although the IP or the network bridge can be specified, this is in fact not very convenient to use, and NAT has to be set up each time. We will stop here for now.
1. In the container:
route add default gw 10.0.0.1
2. On the Docker host:
route add -net 192.168.100.1 gw 10.0.0.1
